JavaScript OPTIONS cross-site data sending with Firefox

I'm having an issue with sending post data to the server when using Firefox. The server is running on Google App Engine.

Here is what I have in my JavaScript.

$.ajax({  
    url: 'http://someurl/example/myform.json',  
    type: 'post',  
    dataType: 'json',  
    data: {  
        'value.title': title,  
        'value.info.first': first,  
        'value.info.second': value  
    },
    success: function(data) {  
        alert("success");  
    },  
    error: function(object, status, error) {  
        alert("error");  
    }  
});

And on the server I have.

@RequestMapping(value = "/myform.json", method = RequestMethod.POST)  
public ResponseEntity<String> create(@ModelAttribute("data") @Valid final Data data,  
final BindingResult result, final HttpServletResponse resp,) {  
  //process Data
}

So far so good, this worked on IE and Chrome without a problem. But then I found out it doesn't work on Firefox and that is because the browser first sends an OPTIONS method before actually posting anything so I went on and made the following to my server.

@RequestMapping(value = "/form.json", method = RequestMethod.OPTIONS)  
public ResponseEntity<String> options(
  final HttpServletResponse resp) {  
    final HttpHeaders responseHeaders = new HttpHeaders();  
    responseHeaders.set("Access-Control-Allow-Origin", "*");  
    responseHeaders.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS");  
    responseHeaders.set("Access-Control-Allow-Headers", "Content-Type");  
    responseHeaders.set("Access-Control-Max-Age", "86400");  
    return new ResponseEntity<String>("",responseHeaders,HttpStatus.OK);  
  }
)

The problem here is that this returns 500 and the log shows a warning with.

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)  
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)  
at java.security.AccessController.checkPermission(AccessController.java:567)  
at java.lang.SecurityManager.checkPermission(Unknown Source)  
at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:45)  
at java.lang.SecurityManager.checkMemberAccess(Unknown Source)  
at java.lang.Class.checkMemberAccess(Unknown Source)  
at java.lang.Class.getDeclaredMethods(Unknown Source)

Any suggestions?



Read more here: https://stackoverflow.com/questions/3297483/javascript-options-cross-site-data-sending-with-firefox

Content Attribution

This content was originally published by user397147 at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.

%d bloggers like this: